tomaswolf commented on pull request #177: URL: https://github.com/apache/mina-sshd/pull/177#issuecomment-962439849
It works if both keys (our and theirs) have the most significant bit zero. If our key (encode()) has the most significant bit set, they close the connection. If their key (decode()) has the most significant bit set, we fail to verify their signature. I suspect this is related to [RFC 7748, section 5](https://datatracker.ietf.org/doc/html/rfc7748#section-5): > When receiving such an array, implementations of X25519 (but not X448) MUST mask the most significant bit in the final byte. (They talk little-endian here.) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
